]>
Commit | Line | Data |
---|---|---|
934b03fc | 1 | NAME: http_port ascii_port |
2 | TYPE: ushortlist | |
3 | DEFAULT: 3128 | |
4 | LOC: Config.Port.http | |
5 | DOC_START | |
6 | The port number where squid will listen for HTTP client | |
7 | requests. Default is 3128, for httpd-accel mode use port 80. | |
8 | May be overridden with -a on the command line. | |
9 | ||
10 | You may specify multiple ports here, but they MUST all be on | |
11 | a single line. | |
12 | ||
13 | http_port 3128 | |
14 | DOC_END | |
15 | ||
16 | ||
17 | NAME: icp_port udp_port | |
18 | TYPE: ushort | |
19 | DEFAULT: 3130 | |
20 | LOC: Config.Port.icp | |
21 | DOC_START | |
22 | The port number where squid send and receive ICP requests to | |
23 | and from neighbor caches. Default is 3130. To disable use | |
24 | "0". May be overridden with -u on the command line. | |
25 | ||
26 | icp_port 3130 | |
27 | DOC_END | |
28 | ||
29 | ||
30 | NAME: mcast_groups | |
31 | TYPE: wordlist | |
32 | LOC: Config.mcast_group_list | |
1273d501 | 33 | DEFAULT: none |
934b03fc | 34 | DOC_START |
35 | This tag specifies a list of multicast groups which your | |
36 | server should join to receive multicasted ICP requests. | |
37 | ||
38 | NOTE! Be very careful what you put here! Be sure you | |
39 | understand the difference between an ICP _query_ and an ICP | |
40 | _reply_. This option is to be set only if you want to RECEIVE | |
41 | multicast queries. Do NOT set this option to SEND multicast | |
42 | ICP (use cache_host for that). ICP replies are always sent via | |
43 | unicast, so this option does not affect whether or not you will | |
44 | receive replies from multicast group members. | |
45 | ||
46 | You must be very careful to NOT use a multicast address which | |
47 | is already in use by another group of caches. NLANR has been | |
48 | assigned a block of multicast address space for use in Web | |
49 | Caching. Plese write to us at nlanr-cache@nlanr.net to receive | |
50 | an address for your own use. | |
51 | ||
52 | Usage: mcast_groups 239.128.16.128 224.0.1.20 | |
53 | ||
54 | By default, squid doesn't listen on any multicast groups. | |
55 | ||
56 | mcast_groups 239.128.16.128 | |
57 | DOC_END | |
58 | ||
59 | ||
60 | NAME: tcp_incoming_address bind_address | |
61 | TYPE: address | |
62 | LOC: Config.Addrs.tcp_incoming | |
270b86af | 63 | DEFAULT: 0.0.0.0 |
934b03fc | 64 | DOC_NONE |
65 | ||
66 | NAME: tcp_outgoing_address outbound_address | |
67 | TYPE: address | |
68 | LOC: Config.Addrs.tcp_outgoing | |
270b86af | 69 | DEFAULT: 255.255.255.255 |
934b03fc | 70 | DOC_NONE |
71 | ||
72 | NAME: udp_incoming_address | |
73 | TYPE: address | |
74 | LOC:Config.Addrs.udp_incoming | |
270b86af | 75 | DEFAULT: 0.0.0.0 |
934b03fc | 76 | DOC_NONE |
77 | ||
78 | NAME: udp_outgoing_address | |
79 | TYPE: address | |
80 | LOC: Config.Addrs.udp_outgoing | |
270b86af | 81 | DEFAULT: 255.255.255.255 |
934b03fc | 82 | DOC_START |
83 | Usage: tcp_incoming_address 10.20.30.40 | |
84 | udp_outgoing_address fully.qualified.domain.name | |
85 | ||
934b03fc | 86 | tcp_incoming_address is used for the HTTP socket which accepts |
87 | connections from clients and other caches. | |
88 | tcp_outgoing_address is used for connections made to remote | |
89 | servers and other caches. | |
90 | udp_incoming_address is used for the ICP socket receiving packets | |
91 | from other caches. | |
92 | udp_outgoing_address is used for ICP packets sent out to other | |
93 | caches. | |
94 | ||
95 | The defaults behaviour is to not bind to any specific address. | |
96 | ||
97 | NOTE, udp_incoming_address and udp_outgoing_address can not have | |
98 | the same value since they both use port 3130. | |
99 | ||
100 | tcp_incoming_address 0.0.0.0 | |
101 | tcp_outgoing_address 0.0.0.0 | |
102 | udp_incoming_address 0.0.0.0 | |
103 | udp_outgoing_address 0.0.0.0 | |
104 | DOC_END | |
105 | ||
106 | ||
107 | # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM | |
108 | #----------------------------------------------------------------------------- | |
109 | ||
40a1495e | 110 | NAME: cache_peer |
111 | TYPE: peer | |
1273d501 | 112 | DEFAULT: none |
0153d498 | 113 | LOC: Config.peers |
934b03fc | 114 | DOC_START |
115 | To specify other caches in a hierarchy, use the format: | |
116 | ||
117 | hostname type http_port icp_port | |
118 | ||
119 | For example, | |
120 | ||
121 | # proxy icp | |
122 | # hostname type port port options | |
123 | # -------------------- -------- ----- ----- ----------- | |
124 | cache_host bigserver.usc.edu parent 3128 3130 [proxy-only] | |
125 | cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
126 | cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
127 | ||
128 | type: either 'parent', 'sibling', or 'multicast'. | |
129 | ||
130 | proxy_port: The port number where the cache listens for proxy | |
131 | requests. | |
132 | ||
133 | icp_port: Used for querying neighbor caches about | |
134 | objects. To have a non-ICP neighbor | |
135 | specify '7' for the ICP port and make sure the | |
136 | neighbor machine has the UDP echo port | |
137 | enabled in its /etc/inetd.conf file. | |
138 | ||
139 | options: proxy-only | |
140 | weight=n | |
141 | ttl=n | |
142 | no-query | |
143 | default | |
144 | round-robin | |
145 | multicast-responder | |
146 | ||
147 | use 'proxy-only' to specify that objects fetched | |
148 | from this cache should not be saved locally. | |
149 | ||
150 | use 'weight=n' to specify a weighted parent. | |
151 | The weight must be an integer. The default weight | |
152 | is 1, larger weights are favored more. | |
153 | ||
154 | use 'ttl=n' to specify a IP multicast TTL to use | |
155 | when sending an ICP request to this address. | |
156 | Only useful when sending to a multicast group. | |
157 | Because we don't accept ICP replies from random | |
158 | hosts, you must configure other group members as | |
159 | peers with the 'multicast-responder' option below. | |
160 | ||
161 | use 'no-query' to NOT send ICP queries to this | |
162 | neighbor. | |
163 | ||
164 | use 'default' if this is a parent cache which can | |
165 | be used as a "last-resort." You should probably | |
166 | only use 'default' in situations where you cannot | |
167 | use ICP with your parent cache(s). | |
168 | ||
169 | use 'round-robin' to define a set of parents which | |
170 | should be used in a round-robin fashion in the | |
171 | absence of any ICP queries. | |
172 | ||
173 | 'multicast-responder' indicates that the named peer | |
174 | is a member of a multicast group. ICP queries will | |
175 | not be sent directly to the peer, but ICP replies | |
176 | will be accepted from it. | |
177 | ||
178 | NOTE: non-ICP neighbors must be specified as 'parent'. | |
179 | ||
180 | cache_host hostname type 3128 3130 | |
181 | DOC_END | |
182 | ||
183 | ||
184 | NAME: cache_host_domain | |
185 | TYPE: hostdomain | |
f1dc9b30 | 186 | DEFAULT: none |
187 | LOC: none | |
934b03fc | 188 | DOC_START |
189 | Use to limit the domains for which a neighbor cache will be queried. | |
190 | Usage: | |
191 | ||
192 | cache_host_domain cache-host domain [domain ...] | |
193 | cache_host_domain cache-host !domain | |
194 | ||
195 | For example, specifying | |
196 | ||
197 | cache_host_domain bigserver.usc.edu .edu | |
198 | ||
199 | has the effect such that UDP query packets are sent to | |
200 | 'bigserver' only when the requested object exists on a | |
201 | server in the .edu domain. Prefixing the domainname | |
202 | with '!' means that the cache will be queried for objects | |
203 | NOT in that domain. | |
204 | ||
205 | NOTE: * Any number of domains may be given for a cache-host, | |
206 | either on the same or separate lines. | |
207 | * When multiple domains are given for a particular | |
208 | cache-host, the first matched domain is applied. | |
209 | * Cache hosts with no domain restrictions are queried | |
210 | for all requests. | |
211 | * There are no defaults. | |
212 | * There is also a 'cache_host_acl' tag in the ACL | |
213 | section. | |
214 | DOC_END | |
215 | ||
216 | ||
217 | NAME: neighbor_type_domain | |
218 | TYPE: hostdomaintype | |
f1dc9b30 | 219 | DEFAULT: none |
220 | LOC: none | |
934b03fc | 221 | DOC_START |
222 | usage: neighbor_type_domain parent|sibling domain domain ... | |
223 | ||
224 | Modifying the neighbor type for specific domains is now | |
225 | possible. You can treat some domains differently than the the | |
226 | default neighbor type specified on the 'cache_host' line. | |
227 | Normally it should only be necessary to list domains which | |
228 | should be treated differently because the default neighbor type | |
229 | applies for hostnames which do not match domains listed here. | |
230 | ||
231 | EXAMPLE: | |
232 | cache_host parent cache.foo.org 3128 3130 | |
233 | neighbor_type_domain cache.foo.org sibling .com .net | |
234 | neighbor_type_domain cache.foo.org sibling .au .de | |
235 | DOC_END | |
236 | ||
237 | NAME: single_parent_bypass | |
238 | COMMENT: on|off | |
239 | TYPE: onoff | |
f1dc9b30 | 240 | DEFAULT: off |
934b03fc | 241 | LOC: Config.singleParentBypass |
242 | DOC_START | |
243 | This tag specifies that it is okay to bypass the hierarchy | |
244 | "Pinging" when there is only a single parent for a given URL. | |
245 | ||
246 | Usage: single_parent_bypass on|off | |
247 | ||
248 | Before actually sending ICP "ping" packets to parents and | |
249 | neighbors, we figure out which hosts would be pinged based | |
250 | on the cache_host_domain rules, etc. Often it may be the | |
251 | case that only a single parent cache would be pinged. | |
252 | ||
253 | Since there is only a single parent, there is a very good | |
254 | chance that we will end up fetching the object from that | |
255 | parent. For this reason, it may be beneficial to avoid | |
256 | the ping and just fetch the object anyway. | |
257 | ||
258 | However, if we avoid the ping, we will be assuming that the | |
259 | parent host is reachable and that the cache process is running. | |
260 | By using the ping, we can be reasonably sure that the parent | |
261 | host will be able to handle our request. If the ping fails then | |
262 | it may be possible to fetch the object directly from the source. | |
263 | ||
264 | To favor the resiliency provided by the ping algorithm, | |
265 | single_parent_bypass is 'off' by default. | |
266 | ||
267 | single_parent_bypass off | |
268 | DOC_END | |
269 | ||
270 | ||
271 | NAME: source_ping | |
272 | COMMENT: on|off | |
273 | TYPE: onoff | |
f1dc9b30 | 274 | DEFAULT: off |
934b03fc | 275 | LOC: Config.sourcePing |
276 | DOC_START | |
277 | If source_ping is enabled, then squid will include the source | |
278 | provider site in its selection algorithm. This is accomplished | |
279 | by sending ICP "HIT" packets to the UDP echo port of the source | |
280 | host. Note that using source_ping may send a fair amount of UDP | |
281 | traffic out on the Internet and may irritate paranoid network | |
282 | administrators. | |
283 | ||
284 | Note that source_ping is incompatible with inside_firewall. | |
285 | For hosts beyond the firewall, source_ping packets will never | |
286 | be sent. | |
287 | ||
288 | By default, source_ping is off. | |
289 | ||
290 | source_ping off | |
291 | DOC_END | |
292 | ||
293 | ||
294 | NAME: neighbor_timeout neighbour_timeout | |
295 | COMMENT: (seconds) | |
9e975e4e | 296 | DEFAULT: 2 seconds |
f1dc9b30 | 297 | TYPE: time_t |
934b03fc | 298 | LOC: Config.neighborTimeout |
299 | DOC_START | |
300 | This controls how long to wait for replies from neighbor caches. | |
301 | If none of the parent or neighbor caches reply before this many | |
302 | seconds (due to dropped packets or slow links), then the object | |
303 | request will be satisfied from the default source. The default | |
304 | timeout is two seconds. | |
305 | ||
306 | neighbor_timeout 2 seconds | |
307 | DOC_END | |
308 | ||
309 | ||
310 | NAME: hierarchy_stoplist | |
311 | TYPE: wordlist | |
1273d501 | 312 | DEFAULT: none |
934b03fc | 313 | LOC: Config.hierarchy_stoplist |
314 | DOC_START | |
315 | A list of words which, if found in a URL, cause the object to | |
316 | be handled directly by this cache. In other words, use this | |
317 | to not query neighbor caches for certain objects. You may | |
318 | list this option multiple times. | |
319 | ||
320 | The default is to directly fetch URLs containing 'cgi-bin' or '?'. | |
321 | ||
322 | hierarchy_stoplist cgi-bin ? | |
323 | DOC_END | |
324 | ||
325 | ||
326 | NAME: cache_stoplist | |
327 | TYPE: wordlist | |
1273d501 | 328 | DEFAULT: none |
934b03fc | 329 | LOC: Config.cache_stoplist |
330 | DOC_START | |
331 | A list of words which, if found in a URL, cause the object to | |
332 | immediately removed from the cache. In other words, use this | |
333 | to force certain objects to never be cached. You may list this | |
334 | option multiple times. | |
335 | ||
336 | The default is to not cache URLs containing 'cgi-bin' or '?'. | |
337 | ||
338 | cache_stoplist cgi-bin ? | |
339 | DOC_END | |
340 | ||
341 | ||
342 | NAME: cache_stoplist_pattern | |
934b03fc | 343 | TYPE: regexlist |
344 | LOC: Config.cache_stop_relist | |
1273d501 | 345 | DEFAULT: none |
934b03fc | 346 | DOC_START |
347 | Just like 'cache_stoplist' but you can use regular expressions | |
348 | instead of simple string matching. There is no default. | |
0153d498 | 349 | Insert -i to get case-insensitive regular expressions. |
934b03fc | 350 | |
351 | cache_stoplist_pattern | |
352 | DOC_END | |
353 | ||
354 | ||
355 | # OPTIONS WHICH AFFECT THE CACHE SIZE | |
356 | #----------------------------------------------------------------------------- | |
357 | ||
358 | ||
359 | NAME: cache_mem | |
9906e724 | 360 | COMMENT: (bytes) |
1b635117 | 361 | TYPE: b_size_t |
9906e724 | 362 | DEFAULT: 8 MB |
934b03fc | 363 | LOC: Config.Mem.maxSize |
364 | DOC_START | |
365 | Maximum amout of VM used to store objects in memory. | |
366 | This includes: | |
367 | in-transit objects, | |
368 | negative-cached objects, | |
369 | "hot" objects | |
370 | The value of cache_mem is an upper limit on the size of the | |
371 | "in-memory object data" pool. This is a pool of 4k pages used | |
372 | to hold object data. | |
373 | ||
374 | In-transit objects have priority over the others. When | |
375 | additional space is needed for incoming data, negative-cached | |
376 | and hot objects will be released. In other words, the | |
377 | negative-cached and hot objects will fill up any unused space | |
378 | not needed for in-transit objects. | |
379 | ||
380 | The values of cache_mem_low and cache_mem_high (below) can be | |
381 | used to tune the use of the memory pool. When the high mark is | |
382 | reached, in-transit and hot objects will be released to clear | |
383 | space. When an object transfer is completed, it will remain in | |
384 | memory only if the current memory usage is below the low water | |
385 | mark. | |
386 | ||
387 | The default is 8 Megabytes. | |
388 | ||
9906e724 | 389 | cache_mem 8 MB |
934b03fc | 390 | DOC_END |
391 | ||
392 | ||
393 | NAME: cache_swap_low | |
394 | COMMENT: (percent, 0-100) | |
395 | TYPE: int | |
396 | DEFAULT: 90 | |
397 | LOC: Config.Swap.lowWaterMark | |
398 | DOC_NONE | |
399 | ||
400 | NAME: cache_swap_high | |
401 | COMMENT: (percent, 0-100) | |
402 | TYPE: int | |
403 | DEFAULT: 95 | |
404 | LOC: Config.Swap.highWaterMark | |
405 | DOC_START | |
406 | The low- and high-water marks for cache LRU replacement. | |
407 | LRU replacement begins when the high-water mark is reached | |
408 | and ends when enough objects have been removed and the low-water | |
409 | mark is reached. Defaults are 90% and 95%. | |
410 | ||
411 | cache_swap_low 90 | |
412 | cache_swap_high 95 | |
413 | DOC_END | |
414 | ||
415 | ||
416 | NAME: cache_mem_low | |
417 | COMMENT: (in percent, 0-100) | |
418 | TYPE: int | |
419 | DEFAULT: 75 | |
420 | LOC: Config.Mem.lowWaterMark | |
421 | DOC_NONE | |
422 | ||
423 | NAME: cache_mem_high | |
424 | COMMENT: (in percent, 0-100) | |
425 | TYPE: int | |
426 | DEFAULT: 95 | |
427 | LOC: Config.Mem.highWaterMark | |
428 | DOC_START | |
429 | The low- and high-water mark for cache memory storage. When | |
430 | the amount of RAM used by the hot-object RAM cache reaches this | |
431 | point, the cache starts throwing objects out of the RAM cache | |
432 | (but they remain on disk). Defaults are 75% and 90%. | |
433 | ||
434 | cache_mem_low 75 | |
435 | cache_mem_high 90 | |
436 | DOC_END | |
437 | ||
438 | ||
439 | NAME: maximum_object_size | |
9e975e4e | 440 | COMMENT: (bytes) |
1b635117 | 441 | TYPE: b_size_t |
9906e724 | 442 | DEFAULT: 4096 KB |
934b03fc | 443 | LOC: Config.Store.maxObjectSize |
444 | DOC_START | |
445 | Objects larger than this size will NOT be saved on disk. The | |
446 | value is specified in kilobytes, and the default is 4MB. | |
447 | ||
9906e724 | 448 | maximum_object_size 4096 KB |
934b03fc | 449 | DOC_END |
450 | ||
451 | ||
452 | NAME: ipcache_size | |
453 | COMMENT: (number of entries) | |
454 | TYPE: int | |
455 | DEFAULT: 1024 | |
456 | LOC: Config.ipcache.size | |
457 | DOC_NONE | |
458 | ||
459 | NAME: ipcache_low | |
460 | COMMENT: (percent) | |
461 | TYPE: int | |
462 | DEFAULT: 90 | |
463 | LOC: Config.ipcache.low | |
464 | DOC_NONE | |
465 | ||
466 | NAME: ipcache_high | |
467 | COMMENT: (percent) | |
468 | TYPE: int | |
469 | DEFAULT: 95 | |
470 | LOC: Config.ipcache.high | |
471 | DOC_START | |
472 | The size, low-, and high-water marks for the IP cache. | |
473 | ||
474 | ipcache_size 1024 | |
475 | ipcache_low 90 | |
476 | ipcache_high 95 | |
477 | DOC_END | |
478 | ||
479 | ||
480 | # LOGFILE PATHNAMES AND CACHE DIRECTORIES | |
481 | #----------------------------------------------------------------------------- | |
482 | ||
483 | NAME: cache_dir | |
484 | TYPE: cachedir | |
f1dc9b30 | 485 | DEFAULT: none |
486 | LOC: Config.cacheSwap | |
934b03fc | 487 | DOC_START |
488 | Directory for on-disk cache storage. The cache will change into | |
489 | this directory when running. The default is | |
490 | /usr/local/squid/cache. | |
491 | ||
492 | You can specify multiple cache_dir lines to spread the | |
493 | cache among different disk partitions. | |
494 | ||
0153d498 | 495 | cache_dir /usr/local/squid/cache 1000 256 16 |
934b03fc | 496 | DOC_END |
497 | ||
498 | ||
499 | NAME: cache_access_log | |
500 | TYPE: string | |
d0b98f84 | 501 | DEFAULT: @DEFAULT_ACCESS_LOG@ |
934b03fc | 502 | LOC: Config.Log.access |
503 | DOC_START | |
504 | Logs the client request activity. Contains an entry for | |
505 | every HTTP and ICP request received. | |
506 | ||
507 | cache_access_log /usr/local/squid/logs/access.log | |
508 | DOC_END | |
509 | ||
510 | ||
511 | NAME: cache_log | |
512 | TYPE: string | |
0153d498 | 513 | DEFAULT: @DEFAULT_CACHE_LOG@ |
934b03fc | 514 | LOC: Config.Log.log |
515 | DOC_START | |
516 | Cache logging file. Set logging levels with "debug_options" below. | |
517 | ||
0153d498 | 518 | cache_log @DEFAULT_CACHE_LOG@ |
934b03fc | 519 | DOC_END |
520 | ||
521 | ||
522 | NAME: cache_store_log | |
523 | TYPE: string | |
0153d498 | 524 | DEFAULT: @DEFAULT_STORE_LOG@ |
934b03fc | 525 | LOC: Config.Log.store |
526 | DOC_START | |
527 | Logs the activities of the storage manager. Shows which | |
528 | objects are ejected from the cache, and which objects are | |
529 | saved and for how long. To disable, enter "none". | |
530 | ||
0153d498 | 531 | cache_store_log @DEFAULT_STORE_LOG@ |
934b03fc | 532 | DOC_END |
533 | ||
534 | ||
535 | NAME: cache_swap_log | |
536 | TYPE: string | |
537 | LOC: Config.Log.swap | |
1273d501 | 538 | DEFAULT: none |
934b03fc | 539 | DOC_START |
d0d3ec94 | 540 | Location for the cache "swap.log." This log file holds the |
934b03fc | 541 | metadata of objects saved on disk. It is used to rebuild the |
542 | cache during startup. Normally this file resides in the first | |
543 | 'cache_dir' directory, but you may specify an alternate | |
544 | pathname here. Note you must give a full filename, not just | |
545 | a directory. | |
546 | ||
547 | cache_swap_log | |
548 | DOC_END | |
549 | ||
550 | ||
551 | NAME: emulate_httpd_log | |
552 | COMMENT: on|off | |
553 | TYPE: onoff | |
f1dc9b30 | 554 | DEFAULT: off |
934b03fc | 555 | LOC: Config.commonLogFormat |
556 | DOC_START | |
557 | The Cache can emulate the log file format which many 'httpd' | |
558 | programs use. To disable/enable this emulation, set | |
559 | emulate_httpd_log to 'off' or 'on'. The default | |
560 | is to use the native log format. | |
561 | ||
562 | emulate_httpd_log off | |
563 | DOC_END | |
564 | ||
565 | ||
566 | NAME: mime_table | |
0153d498 | 567 | TYPE: pathname_stat |
568 | DEFAULT: @DEFAULT_MIME_TABLE@ | |
934b03fc | 569 | LOC: Config.mimeTablePathname |
570 | DOC_START | |
571 | Pathname to Squid's MIME table which has the format | |
572 | ||
573 | regex content-type icon content-encoding transfer-mode | |
574 | ||
0153d498 | 575 | mime_table @DEFAULT_MIME_TABLE@ |
934b03fc | 576 | DOC_END |
577 | ||
578 | ||
579 | NAME: log_mime_hdrs | |
580 | COMMENT: on|off | |
581 | TYPE: onoff | |
582 | LOC: Config.logMimeHdrs | |
f1dc9b30 | 583 | DEFAULT: off |
934b03fc | 584 | DOC_START |
585 | The Cache can record both the request and the response | |
586 | MIME headers for each HTTP transaction. The headers are | |
587 | encoded safely and will appear as two bracketed fields | |
588 | at the end of the access log (for either the native | |
589 | or httpd-emulated log formats). To enable this logging | |
590 | set log_mime_hdrs to 'on'. | |
591 | ||
592 | NOTE: support for this may require you to define | |
593 | LOG_FULL_HEADERS before compiling. | |
594 | ||
595 | log_mime_hdrs off | |
596 | DOC_END | |
597 | ||
598 | ||
599 | NAME: useragent_log | |
600 | TYPE: string | |
601 | LOC: Config.Log.useragent | |
f1dc9b30 | 602 | DEFAULT: none |
934b03fc | 603 | DOC_START |
604 | If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write | |
605 | the User-Agent field from HTTP requests to the filename | |
606 | specified here. By default useragent_log is disabled. | |
607 | ||
608 | useragent_log none | |
609 | DOC_END | |
610 | ||
611 | ||
612 | NAME: pid_filename | |
613 | TYPE: string | |
0153d498 | 614 | DEFAULT: @DEFAULT_PID_FILE@ |
934b03fc | 615 | LOC: Config.pidFilename |
616 | DOC_START | |
617 | A pathname to write the process-id to. To disable, enter "none". | |
618 | ||
0153d498 | 619 | pid_filename @DEFAULT_PID_FILE@ |
934b03fc | 620 | DOC_END |
621 | ||
622 | ||
623 | NAME: debug_options | |
f1dc9b30 | 624 | TYPE: eol |
934b03fc | 625 | DEFAULT: ALL,1 |
626 | LOC: Config.debugOptions | |
627 | DOC_START | |
628 | Logging options are set as section,level where each source file | |
629 | is assigned a unique section. Lower levels result in less | |
630 | output, Full debugging (level 9) can result in a very large | |
631 | log file, so be careful. The magic word "ALL" sets debugging | |
632 | levels for all sections. We recommend normally running with | |
633 | "ALL,1". | |
634 | ||
635 | debug_options ALL,1 | |
636 | DOC_END | |
637 | ||
638 | ||
639 | NAME: ident_lookup | |
640 | COMMENT: on|off | |
641 | TYPE: onoff | |
f1dc9b30 | 642 | DEFAULT: off |
934b03fc | 643 | LOC: Config.identLookup |
644 | DOC_START | |
645 | If you wish to make an RFC931/ident lookup of the client username | |
646 | for each connection, enable this. It is off by default. | |
647 | ||
648 | ident_lookup off | |
649 | DOC_END | |
650 | ||
651 | ||
652 | NAME: log_fqdn | |
653 | COMMENT: on|off | |
654 | TYPE: onoff | |
f1dc9b30 | 655 | DEFAULT: off |
934b03fc | 656 | LOC: Config.Log.log_fqdn |
657 | DOC_START | |
658 | Turn this on if you wish to log fully qualified domain names | |
659 | in the access.log. | |
660 | ||
661 | log_fqdn off | |
662 | DOC_END | |
663 | ||
664 | ||
665 | NAME: client_netmask | |
666 | TYPE: address | |
667 | LOC: Config.Addrs.client_netmask | |
f1dc9b30 | 668 | DEFAULT: 255.255.255.255 |
934b03fc | 669 | DOC_START |
670 | A netmask for client addresses in logfiles and cachemgr output. | |
671 | Change this to protect the privacy of your cache clients. | |
672 | ||
673 | client_netmask 255.255.255.255 | |
674 | DOC_END | |
675 | ||
676 | ||
677 | # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS | |
678 | #----------------------------------------------------------------------------- | |
679 | ||
680 | # TAG: ftpget_program | |
681 | # Where to find the 'ftpget' program that retrieves FTP data (HTTP | |
682 | # and Gopher protocol support are built into the cache). | |
683 | # | |
684 | # To disable ftpget and the ability to retrieve FTP objects, set | |
685 | # this to "none". Note that ftpget is automatically disabled for | |
686 | # http_accel mode. | |
687 | # | |
688 | #ftpget_program @DEFAULT_FTPGET@ | |
689 | ||
690 | # TAG: ftpget_options | |
691 | # Options for the 'ftpget' program. Please run 'ftpget' without | |
692 | # any arguments to see a list of options. The default is | |
693 | # no options. An example is | |
694 | # | |
695 | # ftpget_options -n 60 -R -W | |
696 | # | |
697 | #ftpget_options | |
698 | ||
699 | NAME: ftp_user | |
700 | TYPE: string | |
701 | DEFAULT: squid@ | |
702 | LOC: Config.Ftp.anon_user | |
703 | DOC_START | |
704 | If you want the anonymous login password to be more informative | |
705 | (and enable the use of picky ftp servers), set this to something | |
706 | resonable for your domain, like wwwuser@somewhere.net | |
707 | ||
708 | The reason why this is domainless by default is that the | |
709 | request can be made on the behalf of a user in any domain, | |
710 | depending on how the cache is used. | |
711 | Some ftp server also validate that the email address is valid | |
712 | (for example perl.com). | |
713 | ||
714 | ftp_user squid@ | |
715 | DOC_END | |
716 | ||
365cb147 | 717 | NAME: ftp_list_width |
1b635117 | 718 | TYPE: size_t |
365cb147 | 719 | DEFAULT: 32 |
720 | LOC: Config.Ftp.list_width | |
721 | DOC_START | |
722 | ftp_list_width 32 | |
723 | DOC_END | |
724 | ||
934b03fc | 725 | |
726 | NAME: cache_dns_program | |
0153d498 | 727 | TYPE: pathname_stat |
728 | DEFAULT: @DEFAULT_DNSSERVER@ | |
934b03fc | 729 | LOC: Config.Program.dnsserver |
730 | DOC_START | |
731 | Specify the location of the executable for dnslookup process. | |
732 | ||
0153d498 | 733 | cache_dns_program @DEFAULT_DNSSERVER@ |
934b03fc | 734 | DOC_END |
735 | ||
736 | ||
737 | NAME: dns_children | |
738 | TYPE: int | |
739 | DEFAULT: 5 | |
740 | LOC: Config.dnsChildren | |
741 | DOC_START | |
742 | The number of processes spawn to service DNS name lookups. | |
743 | For heavily loaded caches on large servers, you should | |
744 | probably increase this value to at least 10. The maximum | |
745 | is 32. The default is 5. | |
746 | ||
747 | To disable dnsservers, set this to 0. NOTE, this is very | |
748 | strongly discouraged. If you disable dnsservers your Squid | |
749 | process will BLOCK on DNS lookups! | |
750 | ||
751 | dns_children 5 | |
752 | DOC_END | |
753 | ||
754 | ||
755 | NAME: dns_defnames | |
756 | COMMENT: on|off | |
757 | TYPE: onoff | |
f1dc9b30 | 758 | DEFAULT: off |
934b03fc | 759 | LOC: Config.Options.res_defnames |
760 | DOC_START | |
761 | Normally the 'dnsserver' disables the RES_DEFNAMES resolver | |
762 | option (see res_init(3)). This prevents caches in a hierarchy | |
763 | from interpreting single-component hostnames locally. To allow | |
764 | dnsserver to handle single-component names, enable this | |
765 | option. | |
766 | ||
767 | dns_defnames off | |
768 | DOC_END | |
769 | ||
770 | ||
771 | NAME: unlinkd_program | |
0153d498 | 772 | TYPE: pathname_stat |
773 | DEFAULT: @DEFAULT_UNLINKD@ | |
934b03fc | 774 | LOC: Config.Program.unlinkd |
775 | DOC_START | |
776 | Specify the location of the executable for file deletion process. | |
777 | ||
0153d498 | 778 | unlinkd_program @DEFAULT_UNLINKD@ |
934b03fc | 779 | DOC_END |
780 | ||
781 | ||
782 | NAME: pinger_program | |
0153d498 | 783 | TYPE: pathname_stat |
784 | DEFAULT: @DEFAULT_PINGER@ | |
934b03fc | 785 | LOC: Config.Program.pinger |
786 | DOC_START | |
787 | Specify the location of the executable for the pinger process. | |
788 | ||
0153d498 | 789 | pinger_program @DEFAULT_PINGER@ |
934b03fc | 790 | DOC_END |
791 | ||
792 | ||
793 | NAME: redirect_program | |
0153d498 | 794 | TYPE: pathname_stat |
934b03fc | 795 | LOC: Config.Program.redirect |
62607543 | 796 | DEFAULT: none |
934b03fc | 797 | DOC_START |
798 | Specify the location of the executable for the URL redirector. | |
799 | Currently, you must provide your own redirector program. | |
800 | See the Release-Notes for how to write one. | |
801 | By default, the redirector is not used. | |
802 | ||
803 | redirect_program /bin/false | |
804 | DOC_END | |
805 | ||
806 | ||
807 | NAME: redirect_children | |
808 | TYPE: int | |
809 | DEFAULT: 5 | |
810 | LOC: Config.redirectChildren | |
811 | DOC_START | |
812 | The number of redirector processes to spawn. | |
813 | ||
814 | redirect_children 5 | |
815 | DOC_END | |
816 | ||
817 | ||
818 | # OPTIONS FOR TUNING THE CACHE | |
819 | #----------------------------------------------------------------------------- | |
0153d498 | 820 | NAME: wais_relay_host |
821 | TYPE: string | |
1273d501 | 822 | DEFAULT: none |
0153d498 | 823 | LOC: Config.Wais.relayHost |
824 | DOC_NONE | |
934b03fc | 825 | |
0153d498 | 826 | NAME: wais_relay_port |
827 | TYPE: ushort | |
828 | DEFAULT: 0 | |
829 | LOC: Config.Wais.relayPort | |
934b03fc | 830 | DOC_START |
831 | Relay WAIS request to host (1st arg) at port (2 arg). | |
832 | ||
0153d498 | 833 | wais_relay_host localhost |
834 | wais_relay_port 8000 | |
934b03fc | 835 | DOC_END |
836 | ||
837 | ||
838 | NAME: request_size | |
9906e724 | 839 | COMMENT: (KB) |
840 | TYPE: kb_size_t | |
841 | DEFAULT: 100 KB | |
934b03fc | 842 | LOC: Config.maxRequestSize |
843 | DOC_START | |
844 | Maximum allowed request size in kilobytes. If people are using | |
845 | POST to upload files, then set this to the largest acceptable | |
846 | filesize plus a few extra kbytes. | |
847 | ||
9906e724 | 848 | request_size 100 KB |
934b03fc | 849 | DOC_END |
850 | ||
851 | ||
852 | NAME: refresh_pattern | |
934b03fc | 853 | TYPE: refreshpattern |
f1dc9b30 | 854 | LOC: Config.Refresh |
1273d501 | 855 | DEFAULT: none |
934b03fc | 856 | DOC_START |
857 | usage: refresh_pattern regex min percent max | |
858 | ||
859 | min and max are specified in MINUTES. | |
860 | percent is an integer number. | |
861 | ||
862 | Please see the file doc/Release-Notes-1.1.txt for a full | |
863 | description of Squid's refresh algorithm. Basically a | |
864 | cached object is: | |
865 | ||
866 | FRESH if age < min | |
867 | STALE if expires < now | |
868 | STALE if age > max | |
869 | FRESH if lm-factor < percent | |
870 | ||
871 | The refresh_pattern lines are checked in the order listed here. | |
872 | The first entry which matches is used. If none of the entries | |
873 | match, then the default will be used. | |
874 | ||
875 | Default: | |
876 | refresh_pattern . 0 20% 4320 | |
877 | DOC_END | |
878 | ||
879 | ||
880 | NAME: reference_age | |
f1dc9b30 | 881 | TYPE: time_t |
934b03fc | 882 | LOC: Config.referenceAge |
f1dc9b30 | 883 | DEFAULT: 1 year |
934b03fc | 884 | DOC_START |
885 | As a part of normal operation, Squid performs Least Recently | |
886 | Used removal of cached objects. The LRU age for removal is | |
887 | computed dynamically, based on the amount of disk space in | |
888 | use. The 'reference_age' value defines the maximum LRU age. | |
889 | For example, setting reference_age to '1 week' will cause | |
890 | objects to be removed if they have not been accessed for a week | |
891 | or more. If set to zero, LRU removal is disabled, and objects | |
892 | will be removed only when disk usage is over the high water | |
893 | mark. The default value is one year. | |
894 | ||
895 | Specify a number here, followed by units of time. For example: | |
896 | 1 week | |
897 | 3.5 days | |
898 | 4 months | |
899 | 2.2 hours | |
900 | ||
f1dc9b30 | 901 | reference_age 1 month |
934b03fc | 902 | DOC_END |
903 | ||
904 | ||
0153d498 | 905 | NAME: quick_abort_min |
9906e724 | 906 | COMMENT: (KB) |
907 | TYPE: kb_size_t | |
9e975e4e | 908 | DEFAULT: -1 kb |
0153d498 | 909 | LOC: Config.quickAbort.min |
910 | DOC_NONE | |
911 | ||
912 | NAME: quick_abort_pct | |
913 | COMMENT: (percent) | |
914 | TYPE: int | |
915 | DEFAULT: 0 | |
916 | LOC: Config.quickAbort.pct | |
917 | DOC_NONE | |
918 | ||
919 | NAME: quick_abort_max | |
9906e724 | 920 | COMMENT: (KB) |
921 | TYPE: kb_size_t | |
9e975e4e | 922 | DEFAULT: 0 kb |
0153d498 | 923 | LOC: Config.quickAbort.max |
934b03fc | 924 | DOC_START |
925 | By default the cache continues to retrieve objects from | |
926 | aborted requests. This may be undesirable on slow (e.g. SLIP) | |
927 | links and/or very busy caches. Impatient users may tie up | |
928 | file descriptors by repeatedly aborting and re-requesting | |
929 | non-cachable objects. | |
930 | ||
931 | Usage: quick_abort min-kbytes percent max-kbytes | |
932 | ||
933 | When the user aborts a request, Squid will check the | |
934 | quick_abort values to the amount of data transfered until | |
935 | then. | |
936 | ||
937 | If the transfer has less than 'min-kbytes' remaining, it | |
938 | will finish the retrieval. Setting minlength to -1 will | |
939 | disable the quick_abort feature. | |
940 | ||
941 | If the transfer has more than 'max-kbytes' remaining, it | |
942 | will abort the retrieval. | |
943 | ||
944 | If more than 'percent' of the transfer has completed, it will | |
945 | finish the retrieval. | |
946 | ||
0153d498 | 947 | quick_abort_min -1 |
948 | quick_abort_pct 0 | |
949 | quick_abort_max 0 | |
934b03fc | 950 | DOC_END |
951 | ||
952 | ||
953 | NAME: negative_ttl | |
954 | COMMENT: (in minutes) | |
f1dc9b30 | 955 | TYPE: time_t |
934b03fc | 956 | LOC: Config.negativeTtl |
9e975e4e | 957 | DEFAULT: 5 minutes |
934b03fc | 958 | DOC_START |
959 | Time-to-Live (TTL) for failed requests. Certain types of | |
960 | failures (such as "connection refused" and "404 Not Found") are | |
961 | negatively-cached for a small amount of time. The default is 5 | |
962 | minutes. Note that this is different from negative caching of | |
963 | DNS lookups. | |
964 | ||
965 | negative_ttl 5 minutes | |
966 | DOC_END | |
967 | ||
968 | ||
969 | NAME: positive_dns_ttl | |
970 | COMMENT: (in minutes) | |
f1dc9b30 | 971 | TYPE: time_t |
934b03fc | 972 | LOC: Config.positiveDnsTtl |
9e975e4e | 973 | DEFAULT: 6 hours |
934b03fc | 974 | DOC_START |
975 | Time-to-Live (TTL) for positive caching of successful DNS lookups. | |
976 | Default is 6 hours (360 minutes). If you want to minimize the | |
977 | use of Squid's ipcache, set this to 1, not 0. | |
978 | ||
9e975e4e | 979 | positive_dns_ttl 6 hours |
934b03fc | 980 | DOC_END |
981 | ||
982 | ||
983 | NAME: negative_dns_ttl | |
984 | COMMENT: (in minutes) | |
f1dc9b30 | 985 | TYPE: time_t |
934b03fc | 986 | LOC: Config.negativeDnsTtl |
9e975e4e | 987 | DEFAULT: 5 minutes |
934b03fc | 988 | DOC_START |
989 | Time-to-Live (TTL) for negative caching of failed DNS lookups. | |
990 | ||
991 | negative_dns_ttl 5 minutes | |
992 | DOC_END | |
993 | ||
994 | ||
995 | # TIMEOUTS | |
996 | #----------------------------------------------------------------------------- | |
997 | ||
998 | NAME: connect_timeout | |
999 | COMMENT: (in seconds) | |
f1dc9b30 | 1000 | TYPE: time_t |
934b03fc | 1001 | LOC: Config.Timeout.connect |
9e975e4e | 1002 | DEFAULT: 2 minutes |
934b03fc | 1003 | DOC_START |
1004 | Some systems (notably Linux) can not be relied upon to properly | |
1005 | time out connect(2) requests. Therefore the squid process | |
1006 | enforces its own timeout on server connections. This parameter | |
1007 | specifies how long to wait for the connect to complete. The | |
1008 | default is two minutes (120 seconds). | |
1009 | ||
1010 | connect_timeout 120 seconds | |
1011 | DOC_END | |
1012 | ||
1013 | ||
1014 | NAME: read_timeout | |
1015 | COMMENT: (in minutes) | |
f1dc9b30 | 1016 | TYPE: time_t |
934b03fc | 1017 | LOC: Config.Timeout.read |
9e975e4e | 1018 | DEFAULT: 15 minutes |
934b03fc | 1019 | DOC_START |
1020 | The read_timeout is applied on server-side connections. After | |
1021 | each successful read(), the timeout will be extended by this | |
1022 | amount. If no data is read again after this amount of time, | |
1023 | the request is aborted and logged with ERR_READ_TIMEOUT. The | |
1024 | default is 15 minutes. | |
1025 | ||
1026 | read_timeout 15 minutes | |
1027 | DOC_END | |
1028 | ||
1029 | ||
1030 | NAME: defer_timeout | |
1031 | COMMENT: (in minutes) | |
f1dc9b30 | 1032 | TYPE: time_t |
934b03fc | 1033 | LOC: Config.Timeout.defer |
9e975e4e | 1034 | DEFAULT: 1 hour |
934b03fc | 1035 | DOC_START |
1036 | If your clients are behind slow (e.g. PPP/SLIP) connections, | |
1037 | then data may come in from the server-side faster than it can | |
1038 | be written to the client-side. When the server side gets too | |
1039 | far ahead of the client-side, subsequent reads will be deferred | |
1040 | until the client catches up. This timeout determines how long | |
1041 | to wait while in "deferred read mode." The default is one | |
1042 | hour. | |
1043 | ||
9e975e4e | 1044 | defer_timeout 1 hour |
934b03fc | 1045 | DOC_END |
1046 | ||
1047 | ||
1048 | NAME: request_timeout | |
f1dc9b30 | 1049 | TYPE: time_t |
934b03fc | 1050 | LOC: Config.Timeout.request |
9e975e4e | 1051 | DEFAULT: 30 seconds |
934b03fc | 1052 | DOC_START |
1053 | How long to wait for an HTTP request after connection | |
1054 | establishment. For persistent connections, wait this long | |
1055 | after the previous request completes. | |
1056 | ||
1057 | defer_timeout 30 seconds | |
1058 | DOC_END | |
1059 | ||
1060 | ||
1061 | NAME: client_lifetime | |
1062 | COMMENT: (in minutes) | |
f1dc9b30 | 1063 | TYPE: time_t |
934b03fc | 1064 | LOC: Config.Timeout.lifetime |
9e975e4e | 1065 | DEFAULT: 1 day |
934b03fc | 1066 | DOC_START |
1067 | The maximum amount of time that a client (browser) is allowed to | |
1068 | remain connected to the cache process. This protects the Cache | |
1069 | from having alot of sockets (and hence file descriptors) tied up | |
1070 | in a CLOSE_WAIT state from remote clients that go away without | |
1071 | properly shutting down (either because of a network failure or | |
1072 | because of a poor client implementation). The default is one | |
1073 | day, 1440 minutes. | |
1074 | ||
1075 | NOTE: The default value is intended to be much larger than any | |
1076 | client would ever need to be connected to your cache. You | |
1077 | should probably change client_lifetime only as a last resort. | |
1078 | If you seem to have many client connections tying up | |
1079 | filedescriptors, we recommend first tuning the read_timeout, | |
1080 | defer_timeout, and quick_abort values. | |
1081 | ||
1082 | client_lifetime 1 day | |
1083 | DOC_END | |
1084 | ||
1085 | ||
1086 | NAME: shutdown_lifetime | |
1087 | COMMENT: (in seconds) | |
f1dc9b30 | 1088 | TYPE: time_t |
934b03fc | 1089 | LOC: Config.shutdownLifetime |
9e975e4e | 1090 | DEFAULT: 30 seconds |
934b03fc | 1091 | DOC_START |
1092 | When SIGTERM or SIGHUP is received, the cache is put into | |
1093 | "shutdown pending" mode until all active sockets are closed. | |
1094 | This value is the lifetime to set for all open descriptors | |
1095 | during shutdown mode. Any active clients after this many | |
1096 | seconds will receive a 'timeout' message. | |
1097 | ||
1098 | shutdown_lifetime 30 seconds | |
1099 | DOC_END | |
1100 | ||
1101 | ||
1102 | # ACCESS CONTROLS | |
1103 | #----------------------------------------------------------------------------- | |
1104 | ||
1105 | NAME: acl | |
1106 | TYPE: acl | |
f1dc9b30 | 1107 | LOC: Config.aclList |
1108 | DEFAULT: none | |
934b03fc | 1109 | DOC_START |
1110 | Defining an Access List | |
1111 | ||
1112 | acl aclname acltype string1 ... | |
1113 | acl aclname acltype "file" ... | |
1114 | ||
1115 | when using "file", the file should contain one item per line | |
1116 | ||
1117 | acltype is one of src dst srcdomain dstdomain url_pattern | |
1118 | urlpath_pattern time port proto method browser user | |
1119 | ||
1120 | acl aclname src ip-address/netmask ... (clients IP address) | |
1121 | acl aclname src addr1-addr2/netmask ... (range of addresses) | |
1122 | acl aclname dst ip-address/netmask ... (URL host's IP address) | |
1123 | acl aclname srcdomain foo.com ... (taken from reverse DNS lookup) | |
1124 | acl aclname dstdomain foo.com ... (taken from the URL) | |
1125 | acl aclname time [day-abbrevs] [h1:m1-h2:m2] | |
1126 | day-abbrevs: | |
1127 | S - Sunday | |
1128 | M - Monday | |
1129 | T - Tuesday | |
1130 | W - Wednesday | |
1131 | H - Thursday | |
1132 | F - Friday | |
1133 | A - Saturday | |
1134 | h1:m1 must be less than h2:m2 | |
1135 | acl aclname url_regex ^http:// ... # regex matching on whole URL | |
1136 | acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only | |
1137 | acl aclname port 80 70 21 ... | |
1138 | acl aclname proto HTTP FTP ... | |
1139 | acl aclname method GET POST ... | |
1140 | acl aclname browser regexp | |
1141 | acl aclname user username ... # string match on ident output. | |
1142 | # use REQUIRED to accept any | |
1143 | # non-null ident. | |
1144 | ||
1145 | acl manager proto cache_object | |
1146 | acl localhost src 127.0.0.1/255.255.255.255 | |
1147 | acl all src 0.0.0.0/0.0.0.0 | |
1148 | ||
1149 | acl SSL_ports port 443 563 | |
1150 | acl Dangerous_ports port 7 9 19 | |
1151 | acl CONNECT method CONNECT | |
1152 | DOC_END | |
1153 | ||
1154 | NAME: http_access | |
1155 | TYPE: acl_access | |
f1dc9b30 | 1156 | LOC: Config.accessList.http |
1157 | DEFAULT: none | |
934b03fc | 1158 | DOC_START |
1159 | Allowing or Denying access based on defined access lists | |
1160 | ||
1161 | Access to the HTTP port: | |
1162 | http_access allow|deny [!]aclname ... | |
1163 | ||
1164 | Access to the ICP port: | |
1165 | icp_access allow|deny [!]aclname ... | |
1166 | ||
1167 | NOTE on default values: | |
1168 | ||
1169 | If there are no "access" lines present, the default is to allow | |
1170 | the request. | |
1171 | ||
1172 | If none of the "access" lines cause a match, the default is the | |
1173 | opposite of the last line in the list. If the last line was | |
1174 | deny, then the default is allow. Conversely, if the last line | |
1175 | is allow, the default will be deny. For these reasons, it is a | |
1176 | good idea to have an "deny all" or "allow all" entry at the end | |
1177 | of your access lists to avoid potential confusion. | |
1178 | ||
1179 | ||
1180 | Only allow access to the cache manager functions from the local host. | |
1181 | http_access deny manager !localhost | |
1182 | http_access deny CONNECT !SSL_ports | |
1183 | http_access deny Dangerous_ports | |
1184 | ||
1185 | Allow everything else | |
1186 | http_access allow all | |
1187 | DOC_END | |
1188 | ||
1189 | ||
1190 | NAME: icp_access | |
1191 | TYPE: acl_access | |
f1dc9b30 | 1192 | LOC: Config.accessList.icp |
1193 | DEFAULT: none | |
934b03fc | 1194 | DOC_START |
1195 | Reply to all ICP queries we receive | |
1196 | ||
1197 | icp_access allow all | |
1198 | DOC_END | |
1199 | ||
1200 | ||
1201 | NAME: miss_access | |
1202 | TYPE: acl_access | |
f1dc9b30 | 1203 | LOC: Config.accessList.miss |
1204 | DEFAULT: none | |
934b03fc | 1205 | DOC_START |
1206 | Use to force your neighbors to use you as a sibling instead of | |
1207 | a parent. For example: | |
1208 | ||
1209 | acl localclients src 172.16.0.0/16 | |
1210 | miss_access allow localclients | |
1211 | miss_access deny !localclients | |
1212 | ||
1213 | This means that only your local clients are allowed to fetch | |
1214 | MISSES and all other clients can only fetch HITS. | |
1215 | ||
1216 | By default, allow all clients who passed the http_access rules | |
1217 | to fetch MISSES from us. | |
1218 | ||
1219 | miss_access allow all | |
1220 | DOC_END | |
1221 | ||
1222 | ||
1223 | NAME: cache_host_acl | |
f1dc9b30 | 1224 | TYPE: peeracl |
1225 | DEFAULT: none | |
1226 | LOC: none | |
934b03fc | 1227 | DOC_START |
1228 | Just like 'cache_host_domain' but provides more flexibility by | |
1229 | using ACL's. | |
1230 | ||
1231 | cache_host_acl cache-host [!]aclname ... | |
1232 | ||
1233 | NOTE: * Any number of ACL's may be given for a cache-host, | |
1234 | either on the same or separate lines. | |
1235 | * When multiple ACL's are given for a particular | |
1236 | cache-host, the first matched ACL is applied. | |
1237 | * Cache hosts with no domain or ACL restrictions are | |
1238 | queried for all requests. | |
1239 | * There are no defaults. | |
1240 | DOC_END | |
1241 | ||
1242 | ||
1243 | # ADMINISTRATIVE PARAMETERS | |
1244 | #----------------------------------------------------------------------------- | |
1245 | ||
1246 | NAME: cache_mgr | |
1247 | TYPE: string | |
1248 | DEFAULT: webmaster | |
1249 | LOC: Config.adminEmail | |
1250 | DOC_START | |
1251 | Email-address of local cache manager who will receive | |
1252 | mail if the cache dies. The default is "webmaster." | |
1253 | ||
1254 | cache_mgr webmaster | |
1255 | DOC_END | |
1256 | ||
1257 | ||
1258 | NAME: cache_effective_user | |
0153d498 | 1259 | TYPE: string |
1273d501 | 1260 | DEFAULT: none |
0153d498 | 1261 | LOC: Config.effectiveUser |
1262 | DOC_NONE | |
1263 | ||
1264 | NAME: cache_effective_group | |
1265 | TYPE: string | |
1273d501 | 1266 | DEFAULT: none |
0153d498 | 1267 | LOC: Config.effectiveGroup |
934b03fc | 1268 | DOC_START |
1269 | If the cache is run as root, it will change its effective/real | |
1270 | UID/GID to the UID/GID specified below. The default is not to | |
1271 | change UID/GID. | |
1272 | ||
0153d498 | 1273 | cache_effective_user nobody |
1274 | cache_effective_group nogroup | |
934b03fc | 1275 | DOC_END |
1276 | ||
1277 | ||
1278 | NAME: visible_hostname | |
1279 | TYPE: string | |
1280 | LOC: Config.visibleHostname | |
f1dc9b30 | 1281 | DEFAULT: none |
934b03fc | 1282 | DOC_START |
1283 | If you want to present a special hostname in error messages, etc, | |
1284 | then define this. Otherwise, the return value of gethostname() | |
1285 | will be used. | |
1286 | ||
1287 | visible_hostname www-cache.foo.org | |
1288 | DOC_END | |
1289 | ||
1290 | ||
1291 | # OPTIONS FOR THE CACHE REGISTRATION SERVICE | |
1292 | #----------------------------------------------------------------------------- | |
1293 | ||
1294 | # This section contains parameters for the (optional) cache | |
1295 | # announcement service. This service is provided to help | |
1296 | # cache administrators locate one another in order to join or | |
1297 | # create cache hierarchies. | |
1298 | # | |
1299 | # An 'announcement' message is sent (via UDP) to the registration | |
1300 | # service by Squid. By default, the annoucement message is NOT | |
1301 | # SENT unless you enable it with 'cache_announce' below. | |
1302 | # | |
1303 | # The announcement message includes your hostname, plus the | |
1304 | # following information from this configuration file: | |
1305 | # | |
1306 | # http_port | |
1307 | # icp_port | |
1308 | # cache_mgr | |
1309 | # | |
1310 | # All current information is processed regularly and made | |
1311 | # available on the Web at http://www.nlanr.net/Cache/Tracker/. | |
1312 | ||
1313 | ||
f1dc9b30 | 1314 | NAME: announce_period |
1315 | TYPE: time_t | |
1316 | LOC: Config.Announce.period | |
9e975e4e | 1317 | DEFAULT: 1 day |
934b03fc | 1318 | DOC_START |
1319 | This is how frequently to send cache announcements. The default | |
1320 | is `0' which disables sending the announcement messages. | |
1321 | ||
1322 | To enable announcing your cache, just uncomment the line below. | |
1323 | ||
9e975e4e | 1324 | announce_period 1 day |
934b03fc | 1325 | DOC_END |
1326 | ||
1327 | ||
f1dc9b30 | 1328 | NAME: announce_host |
1329 | TYPE: string | |
1330 | DEFAULT: sd.cache.nlanr.net | |
1331 | LOC: Config.Announce.host | |
1332 | DOC_NONE | |
1333 | ||
1334 | NAME: announce_port | |
1335 | TYPE: ushort | |
1336 | DEFAULT: 3131 | |
1337 | LOC: Config.Announce.port | |
934b03fc | 1338 | DOC_START |
1339 | This is the hostname and portnumber where the registration message | |
1340 | will be sent. | |
1341 | ||
1342 | Format: announce_to host[:port] [filename] | |
1343 | ||
1344 | Hostname will default to 'sd.cache.nlanr.net' and port will default | |
1345 | to 3131. If the 'filename' argument is given, the contents of that | |
1346 | file will be included in the announce message. | |
1347 | ||
f1dc9b30 | 1348 | announce_host sd.cache.nlanr.net |
1349 | announce_port 3131 | |
934b03fc | 1350 | DOC_END |
1351 | ||
f1dc9b30 | 1352 | NAME: announce_file |
1353 | TYPE: pathname_stat | |
1354 | DEFAULT: /dev/null | |
1355 | LOC: Config.Announce.file | |
1356 | DOC_NONE | |
1357 | ||
934b03fc | 1358 | |
1359 | # HTTPD-ACCELERATOR OPTIONS | |
1360 | #----------------------------------------------------------------------------- | |
1361 | ||
f1dc9b30 | 1362 | NAME: httpd_accel_host |
1363 | TYPE: string | |
1364 | LOC: Config.Accel.host | |
1365 | DEFAULT: none | |
1366 | DOC_NONE | |
1367 | ||
1368 | NAME: httpd_accel_port | |
1369 | TYPE: ushort | |
1370 | LOC: Config.Accel.port | |
1371 | DEFAULT: 0 | |
934b03fc | 1372 | DOC_START |
1373 | If you want to run squid as an httpd accelerator, define the | |
1374 | host name and port number where the real HTTP server is. | |
1375 | ||
1376 | If you want virtual host support then specify the hostname | |
1377 | as "virtual". | |
1378 | ||
f1dc9b30 | 1379 | httpd_accel_host hostname |
1380 | httpd_accel_port port | |
934b03fc | 1381 | DOC_END |
1382 | ||
1383 | ||
1384 | NAME: httpd_accel_with_proxy | |
1385 | COMMENT: on|off | |
1386 | TYPE: onoff | |
f1dc9b30 | 1387 | DEFAULT: off |
934b03fc | 1388 | LOC: Config.Accel.withProxy |
1389 | DOC_START | |
1390 | If you want to use squid as both a local httpd accelerator | |
1391 | and as a proxy, change this to 'on'. | |
1392 | ||
1393 | httpd_accel_with_proxy off | |
1394 | DOC_END | |
1395 | ||
1396 | ||
1397 | NAME: httpd_accel_uses_host_header | |
1398 | COMMENT: on|off | |
1399 | TYPE: onoff | |
f1dc9b30 | 1400 | DEFAULT: off |
934b03fc | 1401 | LOC: opt_accel_uses_host |
1402 | DOC_START | |
1403 | HTTP/1.1 requests include a Host: header which is basically the | |
1404 | hostname from the URL. Squid can be an accelerator for | |
1405 | different HTTP servers by looking at this header. However, | |
1406 | Squid does NOT check the value of the Host header, so it opens | |
1407 | a big security hole. We recommend that this option remain | |
1408 | disabled unless you are sure of what you are doing. | |
1409 | ||
1410 | httpd_accel_uses_host_header off | |
1411 | DOC_END | |
1412 | ||
1413 | ||
1414 | # MISCELLANEOUS | |
1415 | #----------------------------------------------------------------------------- | |
1416 | ||
1417 | NAME: dns_testnames | |
1418 | TYPE: wordlist | |
1419 | LOC: Config.dns_testname_list | |
f1dc9b30 | 1420 | DEFAULT: none |
934b03fc | 1421 | DOC_START |
1422 | The DNS tests exit as soon as the first site is successfully looked up | |
1423 | ||
1424 | If you want to disable DNS tests, do not comment out or delete this | |
1425 | list. Instead use the -D command line option | |
1426 | ||
1427 | dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu | |
1428 | DOC_END | |
1429 | ||
1430 | ||
1431 | NAME: logfile_rotate | |
1432 | TYPE: int | |
1433 | DEFAULT: 10 | |
1434 | LOC: Config.Log.rotateNumber | |
1435 | DOC_START | |
1436 | Specifies the number of logfile rotations to make upon receiving | |
1437 | a USR1 signal. The default is 10, which will rotate with | |
1438 | extensions 0 through 9. Setting logfile_rotate to 0 will | |
1439 | disable the rotation, but the logfiles are still closed and | |
1440 | re-opened. This will enable you to rename the logfiles yourself | |
1441 | just before sending a USR1 signal to the squid process. | |
1442 | ||
1443 | logfile_rotate 10 | |
1444 | DOC_END | |
1445 | ||
1446 | ||
1447 | NAME: append_domain | |
f1dc9b30 | 1448 | TYPE: string |
1449 | LOC: Config.appendDomain | |
1450 | DEFAULT: none | |
934b03fc | 1451 | DOC_START |
1452 | Appends local domain name to hostnames without any dots in them. | |
1453 | append_domain must begin with a period. | |
1454 | ||
1455 | append_domain .yourdomain.com | |
1456 | DOC_END | |
1457 | ||
1458 | ||
1459 | NAME: tcp_recv_bufsize | |
89de058c | 1460 | COMMENT: (bytes) |
1b635117 | 1461 | TYPE: b_size_t |
89de058c | 1462 | DEFAULT: 0 bytes |
934b03fc | 1463 | LOC: Config.tcpRcvBufsz |
1464 | DOC_START | |
1465 | Size of receive buffer to set for TCP sockets. Probably just | |
1466 | as easy to change your kernel's default. Set to zero to use | |
1467 | the default buffer size. | |
1468 | ||
89de058c | 1469 | tcp_recv_bufsize 0 bytes |
934b03fc | 1470 | DOC_END |
1471 | ||
0153d498 | 1472 | NAME: proxy_auth_passwd |
1473 | TYPE: string | |
1474 | LOC: Config.proxyAuth.File | |
1273d501 | 1475 | DEFAULT: none |
0153d498 | 1476 | DOC_NONE |
934b03fc | 1477 | |
0153d498 | 1478 | NAME: proxy_auth_ignore |
1479 | TYPE: regexlist | |
1480 | LOC: Config.proxyAuth.IgnoreDomains | |
1273d501 | 1481 | DEFAULT: none |
0153d498 | 1482 | DOC_START |
934b03fc | 1483 | 'passwd_file' is an apache-style file of passwords for |
1484 | authenticated proxy access Looks like user:password, with the | |
1485 | password being standard crypt() format. Proxy authentication | |
1486 | is disabled by default. | |
1487 | ||
0153d498 | 1488 | 'proxy_auth_ignore' is a regular-expression list of domain names |
1489 | (source or destination??) | |
1490 | for which authorization will *not* be required. | |
934b03fc | 1491 | |
1492 | NOTE, proxy_auth support is not compiled into Squid by default. | |
1493 | To use this feature you must enable the USE_PROXY_AUTH option | |
1494 | near the top of src/Makefile. | |
1495 | ||
0153d498 | 1496 | Insert -i to get case-insensitive regular expressions. |
1497 | ||
1498 | proxy_auth_passwd /dev/null | |
1499 | proxy_auth_ignore | |
934b03fc | 1500 | DOC_END |
1501 | ||
1502 | ||
1503 | NAME: err_html_text | |
f1dc9b30 | 1504 | TYPE: eol |
1505 | LOC: Config.errHtmlText | |
1506 | DEFAULT: none | |
934b03fc | 1507 | DOC_START |
1508 | HTML text to include in error messages. Make this a "mailto" | |
1509 | URL to your admin address, or maybe just a link to your | |
1510 | organizations Web page. | |
1511 | ||
1512 | err_html_text | |
1513 | DOC_END | |
1514 | ||
1515 | ||
1516 | NAME: deny_info | |
1517 | TYPE: denyinfo | |
1518 | LOC: Config.denyInfoList | |
f1dc9b30 | 1519 | DEFAULT: none |
934b03fc | 1520 | DOC_START |
1521 | Usage: deny_info URL acl | |
1522 | ||
1523 | This can be used to return a HTTP redirect for requests which | |
1524 | do not pass the 'http_access' rules. A single ACL will cause | |
1525 | the http_access check to fail. If a 'deny_info' line exists | |
1526 | for that ACL then Squid returns a redirect to the given URL. | |
1527 | DOC_END | |
1528 | ||
1529 | ||
1530 | NAME: udp_hit_obj | |
1531 | COMMENT: on|off | |
1532 | TYPE: onoff | |
f1dc9b30 | 1533 | DEFAULT: off |
934b03fc | 1534 | LOC: opt_udp_hit_obj |
1535 | DOC_START | |
1536 | If set, Squid will request UDP_HIT_OBJ replies from its | |
1537 | neighbors. UDP_HIT_OBJ is nice because it saves bandwidth, but | |
1538 | it can cause some other problems. For one it complicates | |
1539 | calculating hit rates. Also, problems arise because the ICP | |
1540 | query does not contain any HTTP request headers which may | |
1541 | affect the reply. | |
1542 | ||
1543 | udp_hit_obj off | |
1544 | DOC_END | |
1545 | ||
1546 | ||
1547 | NAME: udp_hit_obj_size | |
89de058c | 1548 | COMMENT: (bytes) |
1b635117 | 1549 | TYPE: b_size_t |
934b03fc | 1550 | LOC: Config.udpMaxHitObjsz |
89de058c | 1551 | DEFAULT: 0 bytes |
934b03fc | 1552 | DOC_START |
1553 | If set, Squid will limit UDP_HIT_OBJ size to be less than | |
1554 | this value. Setting this value to more than SQUID_UDP_SO_SNDBUF | |
1555 | will not work as expected. Set to zero to select the size | |
1556 | permited by the socket. | |
89de058c | 1557 | udp_hit_obj_size 0 bytes |
934b03fc | 1558 | DOC_END |
1559 | ||
1560 | ||
1561 | NAME: memory_pools | |
1562 | COMMENT: on|off | |
1563 | TYPE: onoff | |
f1dc9b30 | 1564 | DEFAULT: on |
934b03fc | 1565 | LOC: opt_mem_pools |
1566 | DOC_START | |
1567 | If set, Squid will keep pools of allocated (but unused) memory | |
1568 | available for future use. If memory is a premium on your | |
1569 | system, disable this. | |
1570 | ||
1571 | memory_pools on | |
1572 | DOC_END | |
1573 | ||
1574 | NAME: forwarded_for | |
1575 | COMMENT: on|off | |
1576 | TYPE: onoff | |
f1dc9b30 | 1577 | DEFAULT: on |
934b03fc | 1578 | LOC: opt_forwarded_for |
1579 | DOC_START | |
1580 | If set, Squid will include your system's IP address or name | |
1581 | in the HTTP requests it forwards. By default it looks like | |
1582 | this: | |
1583 | ||
1584 | X-Forwarded-For: 192.1.2.3 | |
1585 | ||
1586 | If you disable this, it will appear as | |
1587 | ||
1588 | X-Forwarded-For: unknown | |
1589 | ||
1590 | forwarded_for on | |
1591 | DOC_END | |
1592 | ||
1593 | NAME: log_icp_queries | |
1594 | COMMENT: on|off | |
1595 | TYPE: onoff | |
f1dc9b30 | 1596 | DEFAULT: on |
934b03fc | 1597 | LOC: Config.Options.log_udp |
1598 | DOC_START | |
1599 | If set, ICP queries are logged to access.log. ICP logging | |
1600 | is enabled by default, so uncomment and change the line | |
1601 | below to disable it. | |
1602 | ||
1603 | log_icp_queries on | |
1604 | DOC_END | |
1605 | ||
88738790 | 1606 | NAME: icp_hit_stale |
1607 | COMMENT: on|off | |
1608 | TYPE: onoff | |
1609 | DEFAULT: off | |
1610 | LOC: Config.Options.icp_hit_stale | |
1611 | DOC_START | |
1612 | If you want to return ICP_HIT for stale cache objects, set this | |
1613 | option to 'on'. If you have sibling relationships with caches | |
1614 | in other administrative domains, this should be 'off'. If you only | |
1615 | have sibling relationships with caches under your control, then | |
1616 | it is probably okay to set this to 'on'. | |
1617 | ||
1618 | icp_hit_stale off | |
1619 | DOC_END | |
1620 | ||
934b03fc | 1621 | |
1622 | NAME: minimum_direct_hops | |
1623 | TYPE: int | |
1624 | DEFAULT: 4 | |
1625 | LOC: Config.minDirectHops | |
1626 | DOC_START | |
1627 | If using the ICMP pinging stuff, do direct fetches for sites | |
1628 | which are no more than this many hops away. | |
1629 | ||
1630 | minimum_direct_hops 4 | |
1631 | DOC_END | |
1632 | ||
1633 | ||
1634 | NAME: cachemgr_passwd | |
1635 | TYPE: cachemgrpasswd | |
86101e40 | 1636 | DEFAULT: none |
f1dc9b30 | 1637 | LOC: Config.passwd_list |
934b03fc | 1638 | DOC_START |
1639 | Specify passwords for cachemgr operations. | |
1640 | ||
1641 | Usage: cachemgr_passwd password action action ... | |
1642 | ||
1643 | valid actions are: | |
1644 | shutdown * | |
1645 | info | |
1646 | stats/objects | |
1647 | stats/vm_objects | |
1648 | stats/utilization | |
1649 | stats/ipcache | |
1650 | stats/fqdncache | |
1651 | stats/dns | |
1652 | stats/redirector | |
1653 | stats/io | |
1654 | stats/reply_headers | |
1655 | stats/filedescriptors | |
1656 | stats/netdb | |
1657 | log/status * | |
1658 | log/enable * | |
1659 | log/disable * | |
1660 | log/clear * | |
1661 | log * | |
1662 | parameter | |
1663 | server_list | |
1664 | client_list | |
1665 | squid.conf * | |
1666 | ||
1667 | * Indicates actions which will not be performed without a | |
1668 | valid password, others can be performed if not listed here. | |
1669 | ||
1670 | To disable an action, set the password to "disable". | |
1671 | To allow performing an action without a password, set the | |
1672 | password to "none". | |
1673 | ||
1674 | Use the keyword "all" to set the same password for all actions. | |
1675 | ||
1676 | cachemgr_passwd secret shutdown | |
1677 | cachemgr_passwd lesssssssecret info stats/objects | |
1678 | cachemgr_passwd disable all | |
1679 | DOC_END | |
1680 | ||
1681 | ||
1682 | # TAG: swap_level1_dirs | |
1683 | # Number of first-level directories to create for storing cached | |
1684 | # objects. Minimum 1, maximum 256, default 16. | |
1685 | # | |
1686 | #swap_level1_dirs 16 | |
1687 | ||
1688 | # TAG: swap_level2_dirs | |
1689 | # Number of sub-directories to create under each first-level | |
1690 | # directory. Minimum 1, maximum 256, default 256. | |
1691 | # | |
1692 | #swap_level2_dirs 256 | |
1693 | ||
1694 | NAME: store_avg_object_size | |
86101e40 | 1695 | COMMENT: (kbytes) |
1696 | TYPE: kb_size_t | |
89de058c | 1697 | DEFAULT: 20 KB |
934b03fc | 1698 | LOC: Config.Store.avgObjectSize |
1699 | DOC_START | |
1700 | Average object size, used to estimate number of objects your | |
1701 | cache can hold. See doc/Release-Notes-1.1.txt. The default is | |
1702 | 20K. | |
1703 | ||
89de058c | 1704 | store_avg_object_size 20 KB |
934b03fc | 1705 | DOC_END |
1706 | ||
1707 | NAME: store_objects_per_bucket | |
1708 | TYPE: int | |
1709 | DEFAULT: 50 | |
1710 | LOC: Config.Store.objectsPerBucket | |
1711 | DOC_START | |
1712 | Target number of objects per bucket in the store hash table. | |
1713 | Lowering this value increases the total number of buckets and | |
1714 | also the storage maintenance rate. The default is 20. | |
1715 | ||
1716 | store_objects_per_bucket 20 | |
1717 | DOC_END | |
1718 | ||
1719 | ||
1720 | NAME: http_anonymizer | |
1721 | TYPE: httpanonymizer | |
1722 | LOC: Config.Options.anonymizer | |
f1dc9b30 | 1723 | DEFAULT: off |
934b03fc | 1724 | DOC_START |
1725 | If you want to filter out certain HTTP request headers for | |
1726 | privacy reasons, enable this option. There are three | |
1727 | appropriate settings: | |
1728 | 'off' All HTTP request headers are passed. | |
1729 | 'standard' Specific headers are removed | |
1730 | 'paranoid' Only specific headers are allowed. | |
1731 | To see which headers are allowed or denied, please see the | |
1732 | http-anon.c source file. | |
1733 | ||
1734 | http_anonymizer off | |
1735 | DOC_END | |
1736 | ||
1737 | ||
1738 | NAME: client_db | |
1739 | COMMENT: on|off | |
1740 | TYPE: onoff | |
f1dc9b30 | 1741 | DEFAULT: on |
934b03fc | 1742 | LOC: Config.Options.client_db |
1743 | DOC_START | |
1744 | If you want to disable collecting per-client statistics, then | |
1745 | turn off client_db here. | |
1746 | ||
1747 | client_db on | |
1748 | DOC_END | |
1749 | ||
1750 | ||
1751 | NAME: netdb_low | |
1752 | TYPE: int | |
1753 | DEFAULT: 900 | |
1754 | LOC: Config.Netdb.low | |
1755 | DOC_NONE | |
1756 | ||
1757 | NAME: netdb_high | |
1758 | TYPE: int | |
1759 | DEFAULT: 1000 | |
1760 | LOC: Config.Netdb.high | |
1761 | DOC_START | |
1762 | The low and high water marks for the ICMP measurement | |
1763 | database. These are counts, not percents. The defaults are | |
1764 | 900 and 1000. When the high water mark is reached, database | |
1765 | entries will be deleted until the low mark is reached. | |
1766 | ||
1767 | netdb_low 900 | |
1768 | netdb_high 1000 | |
1769 | DOC_END | |
1770 | ||
1771 | ||
1772 | NAME: netdb_ping_period | |
f1dc9b30 | 1773 | TYPE: time_t |
934b03fc | 1774 | LOC: Config.Netdb.period |
9e975e4e | 1775 | DEFAULT: 5 minutes |
934b03fc | 1776 | DOC_START |
1777 | The minimum period for measuring a site. There will be at | |
1778 | least this much delay between successive pings to the same | |
1779 | network. The default is five minutes. | |
1780 | ||
1781 | netdb_ping_period 5 minutes | |
1782 | DOC_END | |
1783 | ||
1784 | ||
1785 | NAME: query_icmp | |
1786 | COMMENT: on|off | |
1787 | TYPE: onoff | |
f1dc9b30 | 1788 | DEFAULT: off |
934b03fc | 1789 | LOC: Config.Options.query_icmp |
1790 | DOC_START | |
1791 | If you want to ask your peers to include ICMP data in their ICP | |
1792 | replies, enable this option. | |
1793 | ||
1794 | If your peer has built squid with '-DUSE_ICMP=1' then that peer | |
1795 | will send ICMP pings to origin server sites of the URLs it | |
1796 | receives. If you enable this option then the ICP replies from | |
1797 | that peer will include the ICMP data (if available). Then, | |
1798 | when choosing a parent cache, Squid will choose the parent with | |
1799 | the minimal RTT to the origin server. When this happens, the | |
1800 | hierarchy field of the access.log will be | |
1801 | "CLOSEST_PARENT_MISS". This option is off by default. | |
1802 | ||
1803 | query_icmp off | |
1804 | DOC_END | |
1805 | ||
78f1250a | 1806 | NAME: buffered_logs |
1807 | COMMENT: on|off | |
1808 | TYPE: onoff | |
1809 | DEFAULT: off | |
1810 | LOC: Config.Options.buffered_logs | |
1811 | DOC_START | |
1812 | Some log files (cache.log, useragent.log) are written with | |
1813 | stdio functions, and as such they can be buffered or | |
1814 | unbuffered. By default they will be unbuffered. | |
1815 | buffered_logs off | |
1816 | DOC_END | |
1817 | ||
934b03fc | 1818 | NAME: always_direct |
1819 | TYPE: acl_access | |
1820 | LOC: Config.accessList.AlwaysDirect | |
f1dc9b30 | 1821 | DEFAULT: none |
934b03fc | 1822 | DOC_START |
1823 | XXX need docs | |
1824 | DOC_END | |
1825 | ||
1826 | NAME: never_direct | |
1827 | TYPE: acl_access | |
1828 | LOC: Config.accessList.NeverDirect | |
f1dc9b30 | 1829 | DEFAULT: none |
934b03fc | 1830 | DOC_START |
1831 | XXX need docs | |
1832 | DOC_END | |
1833 | ||
1834 | #NAME: proxy_auth_ignore | |
1835 | #TYPE: regexplist_icase | |
1836 | #LOC: Config.proxyAuth.IgnoreDomains | |
1837 | #DOC_START | |
1838 | # XXX need docs | |
1839 | #DOC_END | |
1840 | ||
88738790 | 1841 | NAME: fake_user_agent |
1842 | TYPE: eol | |
1843 | LOC: Config.fake_ua | |
1844 | DEFAULT: none | |
1845 | DOC_START | |
1846 | If you use the paranoid http_anonymizer setting, Squid will strip | |
1847 | your User-agent string from the request. Some Web servers will | |
1848 | refuse your request without a User-agent string. Use this to | |
1849 | fake one up. For example: | |
1850 | ||
1851 | fake_user_agent Nutscrape/1.0 (CP/M; 8-bit) | |
1852 | (credit to Paul Southworth pauls@etext.org for this one!) | |
1853 | ||
1854 | fake_user_agent none | |
1855 | DOC_END | |
1856 | ||
365cb147 | 1857 | NAME: icon_directory |
1858 | TYPE: pathname_stat | |
1859 | LOC: Config.icons.directory | |
1860 | DEFAULT: @DEFAULT_ICON_DIR@ | |
1861 | DOC_START | |
1862 | XXX | |
1863 | DOC_END | |
1864 | ||
1865 | NAME: icon_content_type | |
1866 | TYPE: string | |
1867 | LOC: Config.icons.content_type | |
1868 | DEFAULT: image/gif | |
1869 | DOC_START | |
1870 | XXX | |
1871 | DOC_END | |
88738790 | 1872 | |
934b03fc | 1873 | EOF |